专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09009844B1 Methods and apparatus for knowledge-based authentication using historically-aware questionnaires 有权
标题翻译：使用历史感知调查表进行知识认证的方法和设备
公开(公告)号：US09009844B1
公开(公告)日：2015-04-14
申请号：US13436080
申请日：2012-03-30
申请人： Thomas S. Corn , Ari Juels , Nikolaos Triandopoulos
发明人： Thomas S. Corn , Ari Juels , Nikolaos Triandopoulos
IPC分类号： H04L29/06
CPC分类号： H04L9/0675 , H04L9/3271
摘要： Knowledge-based authentication (KBA) is provided using historically-aware questionnaires. The KBA can obtain a plurality of historically different answers from the user to at least one question; challenge the user with the question for a given period of time; receive a response from the user to the question; and grant access to the restricted resource if the response is accurate for the given period of time based on the historically different answers. Alternatively, the KBA can be based on historically aware answers to a set of inter-related questions. The user is challenged with the inter-related questions for a given period of time. Historically different answers can comprise answers with applicable dates, or correct answers to the question over time. Historically aware answers can comprise an answer that is accurate for an indicated date or period of time. An accurate response demonstrates knowledge of multiple related personal events.
摘要翻译：基于知识的认证（KBA）是使用历史感知的问卷调查表提供的。 KBA可以从用户获得多个历史上不同的答案至少一个问题; 在给定的时间内质疑用户的问题; 接收用户对该问题的回复; 并且如果响应在给定时间段内基于历史上不同的答案准确，则授予对受限资源的访问。或者，KBA可以基于历史上意识到的一系列相互关联的问题的答案。用户在给定的时间内受到相互关联的问题的挑战。历史上不同的答案可以包括适用日期的答案，或者随着时间的推移对问题的正确答案。历史上意识到的答案可以包含对于指定的日期或时间段的准确的答案。准确的答复表明了多个相关个人事件的知识。

2. 发明授权

US08984609B1 Methods and apparatus for embedding auxiliary information in one-time passcodes 有权
标题翻译：将辅助信息嵌入一次性密码的方法和装置
公开(公告)号：US08984609B1
公开(公告)日：2015-03-17
申请号：US13404780
申请日：2012-02-24
申请人： Ari Juels , Nikolaos Triandopoulos , Ronald Rivest , Marten Erik van Dijk
发明人： Ari Juels , Nikolaos Triandopoulos , Ronald Rivest , Marten Erik van Dijk
IPC分类号： G06F9/00
CPC分类号： G06F21/34 , G06F2221/2129 , H04L9/3228 , H04L63/0846
摘要： Methods and apparatus are provided for embedding auxiliary information in one-time passcode authentication tokens. Auxiliary information is embedded in authentication information transmitted to a receiver by obtaining the auxiliary information; and mapping the auxiliary information to a codeword using a secret key, wherein the secret key is shared between the security token and an authentication authority; and combining the codeword with a tokencode generated by a security token to generate a one-time passcode. The one-time passcode can then be transmitted to the receiver.
摘要翻译：提供了将辅助信息嵌入一次性密码认证令牌中的方法和装置。辅助信息被嵌入到通过获取辅助信息发送到接收器的认证信息中; 以及使用秘密密钥将所述辅助信息映射到码字，其中所述秘密密钥在所述安全令牌和认证机构之间共享; 以及将码字与由安全令牌生成的令牌代码组合以生成一次性密码。然后可以将一次性密码传送到接收器。

3. 发明申请

US20150242616A1 Credential recovery with the assistance of trusted entities 有权
标题翻译：在信任实体的协助下进行凭证恢复
公开(公告)号：US20150242616A1
公开(公告)日：2015-08-27
申请号：US14190195
申请日：2014-02-26
申请人： Alina Oprea , Kevin D. Bowers , Nikolaos Triandopoulos , Ting-Fang Yen , Ari Juels
发明人： Alina Oprea , Kevin D. Bowers , Nikolaos Triandopoulos , Ting-Fang Yen , Ari Juels
IPC分类号： G06F21/44
CPC分类号： G06F21/445 , G06F21/32 , G06F21/34 , G06F2221/2113 , G06F2221/2131
摘要： There is disclosed a method for use in credential recovery. In one exemplary embodiment, the method comprises determining a policy that requires at least one trusted entity to verify the identity of a first entity in order to facilitate credential recovery. The method also comprises receiving at least one communication that confirms verification of the identity of the first entity by at least one trusted entity. The method further comprises permitting credential recovery based on the received verification.
摘要翻译：公开了用于证书恢复的方法。在一个示例性实施例中，该方法包括确定需要至少一个可信实体来验证第一实体的身份以便于凭证恢复的策略。该方法还包括接收由至少一个可信实体验证第一实体的身份的至少一个通信。该方法还包括基于所接收的验证允许凭证恢复。

4. 发明授权

US09118661B1 Methods and apparatus for authenticating a user using multi-server one-time passcode verification 有权
标题翻译：使用多服务器一次性密码验证认证用户的方法和装置
公开(公告)号：US09118661B1
公开(公告)日：2015-08-25
申请号：US13404737
申请日：2012-02-24
申请人： Ari Juels , Nikolaos Triandopoulos , Marten Erik van Dijk
发明人： Ari Juels , Nikolaos Triandopoulos , Marten Erik van Dijk
IPC分类号： H04L29/06
CPC分类号： H04L63/0838 , H04L63/0853
摘要： Methods and apparatus are provided for authenticating a user using multi-server one-time passcode verification. A user is authenticated by receiving authentication information from the user; and authenticating the user based on the received authentication information using at least two authentication servers, wherein the received authentication information is based on a secret shared between a security token associated with the user and an authentication authority that provides the at least two authentication servers. For example, the authentication information can comprise a passcode comprised of a tokencode from the security token and a password from the user. The user can be authenticated only if, for example, all of the at least two authentication servers authenticate the received authentication information.
摘要翻译：提供了使用多服务器一次性密码验证来验证用户的方法和装置。通过从用户接收认证信息来认证用户; 以及使用至少两个认证服务器基于所接收的认证信息来认证所述用户，其中，所接收的认证信息基于与所述用户相关联的安全令牌和提供所述至少两个认证服务器的认证机构之间共享的秘密。例如，认证信息可以包括由来自安全令牌的令牌代码和来自用户的密码组成的密码。只有在例如所有至少两个认证服务器中的所有认证服务器对接收到的认证信息进行认证时，才可以认证用户。

5. 发明授权

US09021553B1 Methods and apparatus for fraud detection and remediation in knowledge-based authentication 有权
标题翻译：基于知识的认证欺诈检测和修复的方法和设备
公开(公告)号：US09021553B1
公开(公告)日：2015-04-28
申请号：US13436125
申请日：2012-03-30
申请人： Thomas S. Corn , Ari Juels , Nikolaos Triandopoulos
发明人： Thomas S. Corn , Ari Juels , Nikolaos Triandopoulos
IPC分类号： H04L29/06 , G06F21/31
CPC分类号： G06F21/31 , G06F2221/2133
摘要： Methods and apparatus are provided for fraud detection and remediation in knowledge-based authentication (KBA). A knowledge-based authentication method is performed by a server for restricting access of a user to a restricted resource. The exemplary knowledge-based authentication method comprises challenging the user with one or more questions requiring knowledge by the user; receiving a response from the user to the one or more questions, wherein at least a portion of the response is encoded by the user using an encoding scheme defined between the server and the user to signal a fraudulent access attempt; and granting access to the restricted resource if one or more predefined response criteria are satisfied, wherein the one or more predefined response criteria comprises an assessment of whether the encoded portion of the response satisfies the encoding scheme. A number of exemplary encoding schemes are disclosed.
摘要翻译：提供了基于知识的认证（KBA）中的欺诈检测和修复的方法和装置。基于知识的认证方法由服务器执行，用于限制用户对受限资源的访问。示例性的基于知识的认证方法包括用用户需要知识的一个或多个问题来挑战用户; 从所述用户接收对所述一个或多个问题的响应，其中所述响应的至少一部分由所述用户使用在所述服务器和所述用户之间定义的编码方案进行编码以用信号通知欺诈性接入尝试; 以及如果满足一个或多个预定义的响应准则则允许对所述受限资源的访问，其中所述一个或多个预定义的响应标准包括所述响应的编码部分是否满足所述编码方案的评估。公开了许多示例性编码方案。

6. 发明授权

US08813234B1 Graph-based approach to deterring persistent security threats 有权
标题翻译：以图为基础的方法来阻止持续的安全威胁
公开(公告)号：US08813234B1
公开(公告)日：2014-08-19
申请号：US13171759
申请日：2011-06-29
申请人： Kevin D. Bowers , Marten E. van Dijk , Ari Juels , Alina M. Oprea , Ronald L. Rivest , Nikolaos Triandopoulos
发明人： Kevin D. Bowers , Marten E. van Dijk , Ari Juels , Alina M. Oprea , Ronald L. Rivest , Nikolaos Triandopoulos
IPC分类号： G06F21/00
CPC分类号： G06F21/552 , H04L63/1408 , H04L63/1441 , H04L63/20
摘要： A processing device comprises a processor coupled to a memory and implements a graph-based approach to protection of a system comprising information technology infrastructure from a persistent security threat. Attack-escalation states of the persistent security threat are assigned to respective nodes in a graph, and defensive costs for preventing transitions between pairs of the nodes are assigned to respective edges in the graph. A minimum cut of the graph is computed, and a defensive strategy is determined based on the minimum cut. The system comprising information technology infrastructure subject to the persistent security threat is configured in accordance with the defensive strategy in order to deter the persistent security threat.
摘要翻译：处理设备包括处理器，其耦合到存储器并且实现基于图的方法以保护包括信息技术基础设施的系统免受持久的安全威胁。持续性安全威胁的攻击升级状态被分配给图中的相应节点，并且用于防止节点对之间的转换的防御成本被分配给图中的相应边缘。计算图的最小值，并根据最小值确定防御策略。包含受到持续安全威胁的信息技术基础架构的系统是根据防御策略配置的，以便阻止持续的安全威胁。

7. 发明授权

US09160539B1 Methods and apparatus for secure, stealthy and reliable transmission of alert messages from a security alerting system 有权
标题翻译：用于安全，隐身和可靠地传输来自安全警报系统的警报消息的方法和装置
公开(公告)号：US09160539B1
公开(公告)日：2015-10-13
申请号：US13537981
申请日：2012-06-29
申请人： Ari Juels , Nikolaos Triandopoulos , Kevin Bowers , Catherine Hart
发明人： Ari Juels , Nikolaos Triandopoulos , Kevin Bowers , Catherine Hart
IPC分类号： H04L9/32
CPC分类号： H04L9/3244 , G06F21/554 , G06F2221/2107 , H04L9/3242 , H04L9/3247
摘要： Methods and apparatus are provided for secure transmission of alert messages over a message locking channel. An alert message is transmitted from a Security Alerting System indicating a potential compromise of a protected resource by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer; and transmitting the buffer to the server. The alert message is authenticated by digitally signing the alert message or applying a message authentication code and is possibly encrypted using a secret key known by a server, wherein the secret key evolves in a forward-secure manner. The authenticated alert message can be maintained in the buffer after the transmitting step. The buffer optionally has a fixed-size and alert messages can be stored in a round-robin manner, for example, from a random position. The buffer can be encrypted prior to transmission to the server.
摘要翻译：提供了用于通过消息锁定通道安全地传送警报消息的方法和装置。通过从安全警报系统获取警报消息，从安全警报系统发送指示受保护资源的潜在危害的警报消息; 使用服务器已知的密钥对所述警报消息进行认证，其中所述秘密密钥以前向安全的方式演进; 将经认证的警报消息存储在缓冲器中; 并将缓冲区发送到服务器。警报消息通过对警报消息进行数字签名或应用消息认证码进行认证，并且可以使用服务器已知的秘密密钥加密，其中秘密密钥以前向安全的方式发展。在发送步骤之后，可以在缓冲器中维护认证的警报消息。缓冲器可选地具有固定大小，并且警报消息可以以循环方式存储，例如从随机位置存储。缓冲区可以在传输到服务器之前进行加密。

8. 发明授权

US08683563B1 Soft token posture assessment 有权
标题翻译：软令牌姿势评估
公开(公告)号：US08683563B1
公开(公告)日：2014-03-25
申请号：US13435616
申请日：2012-03-30
申请人： Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , William M. Duane , Ari Juels , Michael J. O'Malley , Nikolaos Triandopoulos , Riaz Zolfonoon
发明人： Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , William M. Duane , Ari Juels , Michael J. O'Malley , Nikolaos Triandopoulos , Riaz Zolfonoon
IPC分类号： G06F7/04
CPC分类号： H04L9/00 , G06F21/43 , G06F21/554 , G06F21/56 , H04L63/1433 , H04W12/06 , H04W12/12
摘要： An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics.
摘要翻译：用于评估其上运行软令牌的设备的安全状态的改进技术从运行软令牌的设备收集设备姿态信息，并且发起设备姿态信息传输到服务器以用于评估设备是否已经被遭受恶意活动。设备姿态信息可以涉及设备的软件状态，硬件状态和/或环境上下文。在一些示例中，设备姿态信息被直接发送到服务器。在其他示例中，设备姿态信息通过嵌入在显示给用户的密码中的辅助位发送到服务器，用户可以作为认证请求的一部分读取和传送到服务器。服务器可以在多个区域中应用设备姿态信息，包括例如认证管理，风险评估和/或安全分析。

9. 发明授权

US09515989B1 Methods and apparatus for silent alarm channels using one-time passcode authentication tokens 有权
标题翻译：使用一次性密码认证令牌的静音报警信道的方法和装置
公开(公告)号：US09515989B1
公开(公告)日：2016-12-06
申请号：US13404788
申请日：2012-02-24
申请人： Ari Juels , Nikolaos Triandopoulos , Marten Erik van Dijk , Ronald Rivest
发明人： Ari Juels , Nikolaos Triandopoulos , Marten Erik van Dijk , Ronald Rivest
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： H04L63/00 , H04L63/0428 , H04L63/065 , H04L63/0838 , H04L63/0869 , H04L63/123 , H04L63/126 , H04L63/14
摘要： Methods and apparatus are provided for silent alarm channels using one-time passcode authentication tokens. A message is transmitted indicating a potential attack on a protected resource by obtaining the message; combining the message with a tokencode generated by a security token to generate a one-time passcode; and transmitting the one-time passcode to a receiver. A plurality of the messages can be obtained in parallel, and the plurality of parallel messages can be combined with the tokencode to generate the one-time passcode. A subsequent message can optionally be generated by applying a hash function to a prior n-bit value to provide a counter identifying each message. The message optionally also comprises one or more additional bits to provide an annotation of the message.
摘要翻译：为使用一次性密码认证令牌的静音报警通道提供方法和装置。通过获得消息来传送指示对受保护资源的潜在攻击的消息; 将消息与由安全令牌生成的令牌代码组合以生成一次性密码; 并将一次性密码发送到接收机。可以并行获得多个消息，并且多个并行消息可以与令牌代码组合以生成一次性密码。可以可选地通过将哈希函数应用于先前的n位值来产生后续消息，以提供识别每个消息的计数器。消息可选地还包括一个或多个附加位以提供消息的注释。

10. 发明授权

US09008303B1 Method and apparatus for generating forward secure pseudorandom numbers 有权
标题翻译：用于产生前向安全伪随机数的方法和装置
公开(公告)号：US09008303B1
公开(公告)日：2015-04-14
申请号：US13334709
申请日：2011-12-22
申请人： Ari Juels , Nikolaos Triandopoulos , Kevin Bowers
发明人： Ari Juels , Nikolaos Triandopoulos , Kevin Bowers
IPC分类号： H04L9/00 , H04L9/08 , G06F7/58
CPC分类号： H04L9/0869 , G06F7/582 , H04L9/0891 , H04L2209/38
摘要： Methods and apparatus are provided for generation of forward secure pseudorandom numbers. A forward secure pseudorandom number is generated by obtaining a first state si corresponding to a current leaf node vi in a hierarchical tree, wherein the current leaf vi produces a first pseudorandom number ri−t and wherein the hierarchical tree comprises at least one chain comprised of a plurality of nodes on a given level of the hierarchical tree; updating the first state si to a second state si+t corresponding to a second leaf node vi+t; and computing a second pseudorandom number ri+t−1 corresponding to the second leaf node vi+t. The variable t may be an integer greater than one. Updating the state does not require generation of all pseudorandom numbers produced by leaf nodes between the current leaf node vi and the second leaf node vi+t.
摘要翻译：提供了用于产生前向安全伪随机数的方法和装置。通过获得与分层树中的当前叶节点vi相对应的第一状态si来生成正向安全伪随机数，其中当前叶vi产生第一伪随机数ri-t，并且其中分级树包括至少一个链，其包括分层树的给定级别上的多个节点; 将第一状态si更新为对应于第二叶节点vi + t的第二状态si + t; 以及计算对应于第二叶节点vi + t的第二伪随机数ri + t-1。变量t可以是大于1的整数。更新状态不需要生成当前叶节点vi和第二叶节点vi + t之间的叶节点产生的所有伪随机数。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式